diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-19 10:14:39 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-03-19 10:14:39 +0000 |
commit | aec9318591387cbbffaafc978fb306bbcc90f1bd (patch) | |
tree | b0d0aa79a7bc9e79eea4613091e8ca6d127c5079 /main | |
parent | 3cb1acadac50d7ae5e753cdc806fa57edc72e47a (diff) | |
download | aports-aec9318591387cbbffaafc978fb306bbcc90f1bd.tar.bz2 aports-aec9318591387cbbffaafc978fb306bbcc90f1bd.tar.xz |
main/linux-grsec: upgrade to 3.14.36
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch (renamed from main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch) | 1117 |
2 files changed, 730 insertions, 403 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 736f0bce33..85f0a86beb 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.35 +pkgver=3.14.36 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.1-3.14.35-201503071140.patch + grsecurity-3.1-3.14.36-201503182218.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,24 +165,24 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -7db70508b7cb888650f8bc14bca04a03 patch-3.14.35.xz -d81a6ebd98c282c66cfede4e6a7db170 grsecurity-3.1-3.14.35-201503071140.patch +85d1d459cb9bcedcfbdb03dd9df83d23 patch-3.14.36.xz +44594b78075024e23fe9b588dd4a7a10 grsecurity-3.1-3.14.36-201503182218.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 4ceaeb8adf2cf3353a8327f927aeea1c kernelconfig.x86 450ca5bae3629c50c0b0485f3a334508 kernelconfig.x86_64 e18158a62b940c4b12bafbacd1e00639 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -372a13e28ec4dc16c38e9bf2a01919960844d5c1fec66e7fe49918484c624094 patch-3.14.35.xz -a520dbd1dbaa4fe36edb1c599783686d3aba5ed39e3105bb400fbd9afdafd31c grsecurity-3.1-3.14.35-201503071140.patch +af2e5b01b4d771e9818271d6023bdc1ca8668bdb0fe081ab9373ee58c29795bf patch-3.14.36.xz +2892787071815cf8b1b8cf282c063826e2ab5a3f3df303ad43630f18fb60d292 grsecurity-3.1-3.14.36-201503182218.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 1c6eca9c7fef842280bbf4705c01c4535d8fde92e00887e52d2a62a0aefe5f94 kernelconfig.x86 30cdfc33bf00d1d9a79ea2bc46dfc6a69c2317e05a84ec16b79a4c8015f70ead kernelconfig.x86_64 655e230d216896c769ec184cb7ec4f95aea3a13326251ffdf35c17426687d1b9 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -f698636b1c06e2694a1e991c2563f43991f75fc3a4c0933b7a2b1e1e0d847df6868c7e7aa4661ed1242b9120d3fa5214e06920feeadec098652a9b8bf7b97be8 patch-3.14.35.xz -50047e28cd4074369ec82d8895786015952fdc5354e4082eba083fa5a990a017022bd29bbfbce059f2d84d5ffcc70fb0cb8a0e4511fb884fd25fc1b3ae727164 grsecurity-3.1-3.14.35-201503071140.patch +971273437b29810db5931ccc58db7dbcad23895a8907b01dd3aca0fa3a3beb889c9e916cb3e5214a8753165ed952d79267b6923d4442837dfb66d53d1884e5c2 patch-3.14.36.xz +4243784e6db8902667605f8681b9e710d26c142459721331bfa109135f530c095a1b0532bd7e916ab10f23b07041f35c0eec821d382b5aa801c2573b394773d5 grsecurity-3.1-3.14.36-201503182218.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 8479492c9c3f9bb08e7f04379bb69574fcf59b63db24392797fa6c73c992aa9d8415b97e96151f20bf5d117d5abc430da08bae4e5fb99ad6d4635bc0fadab85c kernelconfig.x86 diff --git a/main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch b/main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch index 4cf94959ae..28c0f41f7c 100644 --- a/main/linux-grsec/grsecurity-3.1-3.14.35-201503071140.patch +++ b/main/linux-grsec/grsecurity-3.1-3.14.36-201503182218.patch @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9720e86..98643f8 100644 +index 4e6537b..ce0ac5f 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -23088,7 +23088,7 @@ index c5a9cb9..b6a5426 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 02553d6..ff1450f4 100644 +index 06469ee..ff1450f4 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -60,6 +60,8 @@ @@ -23758,7 +23758,7 @@ index 02553d6..ff1450f4 100644 .popsection /* -@@ -539,25 +1008,26 @@ ENTRY(ret_from_fork) +@@ -539,7 +1008,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23766,19 +23766,9 @@ index 02553d6..ff1450f4 100644 + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? jz 1f -- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -- jnz int_ret_from_sys_call -- -- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET -- jmp ret_from_sys_call # go to the SYSRET fastpath -+ /* -+ * By the time we get here, we have no idea whether our pt_regs, -+ * ti flags, and ti status came from the 64-bit SYSCALL fast path, -+ * the slow path, or one of the ia32entry paths. -+ * Use int_ret_from_sys_call to return, since it can safely handle -+ * all of the above. -+ */ -+ jmp int_ret_from_sys_call + /* +@@ -552,15 +1021,13 @@ ENTRY(ret_from_fork) + jmp int_ret_from_sys_call 1: - subq $REST_SKIP, %rsp # leave space for volatiles @@ -23794,7 +23784,7 @@ index 02553d6..ff1450f4 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -594,7 +1064,7 @@ END(ret_from_fork) +@@ -597,7 +1064,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23803,7 +23793,7 @@ index 02553d6..ff1450f4 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -607,16 +1077,23 @@ GLOBAL(system_call_after_swapgs) +@@ -610,16 +1077,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23829,7 +23819,7 @@ index 02553d6..ff1450f4 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -640,10 +1117,13 @@ sysret_check: +@@ -643,10 +1117,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23844,7 +23834,7 @@ index 02553d6..ff1450f4 100644 /* * sysretq will re-enable interrupts: */ -@@ -702,6 +1182,9 @@ auditsys: +@@ -705,6 +1182,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -23854,7 +23844,7 @@ index 02553d6..ff1450f4 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -723,7 +1206,7 @@ sysret_audit: +@@ -726,7 +1206,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -23863,7 +23853,7 @@ index 02553d6..ff1450f4 100644 jz auditsys #endif SAVE_REST -@@ -731,12 +1214,15 @@ tracesys: +@@ -734,12 +1214,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -23880,7 +23870,7 @@ index 02553d6..ff1450f4 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -766,7 +1252,9 @@ GLOBAL(int_with_check) +@@ -769,7 +1252,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23891,7 +23881,7 @@ index 02553d6..ff1450f4 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -812,7 +1300,7 @@ int_restore_rest: +@@ -815,7 +1300,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -23900,7 +23890,7 @@ index 02553d6..ff1450f4 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -825,9 +1313,10 @@ ENTRY(stub_\func) +@@ -828,9 +1313,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23913,7 +23903,7 @@ index 02553d6..ff1450f4 100644 .endm .macro FIXED_FRAME label,func -@@ -837,9 +1326,10 @@ ENTRY(\label) +@@ -840,9 +1326,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23925,7 +23915,7 @@ index 02553d6..ff1450f4 100644 .endm FORK_LIKE clone -@@ -847,19 +1337,6 @@ END(\label) +@@ -850,19 +1337,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23945,7 +23935,7 @@ index 02553d6..ff1450f4 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -871,7 +1348,7 @@ ENTRY(stub_execve) +@@ -874,7 +1348,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23954,7 +23944,7 @@ index 02553d6..ff1450f4 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -888,7 +1365,7 @@ ENTRY(stub_rt_sigreturn) +@@ -891,7 +1365,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23963,7 +23953,7 @@ index 02553d6..ff1450f4 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -902,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -905,7 +1379,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23972,7 +23962,7 @@ index 02553d6..ff1450f4 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -916,7 +1393,7 @@ ENTRY(stub_x32_execve) +@@ -919,7 +1393,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23981,7 +23971,7 @@ index 02553d6..ff1450f4 100644 #endif -@@ -953,7 +1430,7 @@ vector=vector+1 +@@ -956,7 +1430,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -23990,7 +23980,7 @@ index 02553d6..ff1450f4 100644 .previous END(interrupt) -@@ -970,8 +1447,8 @@ END(interrupt) +@@ -973,8 +1447,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -24001,7 +23991,7 @@ index 02553d6..ff1450f4 100644 SAVE_ARGS_IRQ call \func .endm -@@ -998,14 +1475,14 @@ ret_from_intr: +@@ -1001,14 +1475,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -24020,7 +24010,7 @@ index 02553d6..ff1450f4 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1027,12 +1504,35 @@ retint_swapgs: /* return to user-space */ +@@ -1030,12 +1504,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24056,7 +24046,7 @@ index 02553d6..ff1450f4 100644 /* * The iretq could re-enable interrupts: */ -@@ -1070,15 +1570,15 @@ native_irq_return_ldt: +@@ -1073,15 +1570,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -24077,7 +24067,7 @@ index 02553d6..ff1450f4 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -1132,7 +1632,7 @@ ENTRY(retint_kernel) +@@ -1135,7 +1632,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -24086,7 +24076,7 @@ index 02553d6..ff1450f4 100644 /* * End of kprobes section -@@ -1151,7 +1651,7 @@ ENTRY(\sym) +@@ -1154,7 +1651,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24095,7 +24085,7 @@ index 02553d6..ff1450f4 100644 .endm #ifdef CONFIG_TRACING -@@ -1239,7 +1739,7 @@ ENTRY(\sym) +@@ -1242,7 +1739,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24104,7 +24094,7 @@ index 02553d6..ff1450f4 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1257,10 +1757,10 @@ ENTRY(\sym) +@@ -1260,10 +1757,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24117,7 +24107,7 @@ index 02553d6..ff1450f4 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1273,12 +1773,18 @@ ENTRY(\sym) +@@ -1276,12 +1773,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24137,7 +24127,7 @@ index 02553d6..ff1450f4 100644 .endm .macro errorentry sym do_sym -@@ -1296,7 +1802,7 @@ ENTRY(\sym) +@@ -1299,7 +1802,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24146,7 +24136,7 @@ index 02553d6..ff1450f4 100644 .endm #ifdef CONFIG_TRACING -@@ -1327,7 +1833,7 @@ ENTRY(\sym) +@@ -1330,7 +1833,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24155,7 +24145,7 @@ index 02553d6..ff1450f4 100644 .endm zeroentry divide_error do_divide_error -@@ -1357,9 +1863,10 @@ gs_change: +@@ -1360,9 +1863,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24167,7 +24157,7 @@ index 02553d6..ff1450f4 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1387,9 +1894,10 @@ ENTRY(do_softirq_own_stack) +@@ -1390,9 +1894,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24179,7 +24169,7 @@ index 02553d6..ff1450f4 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1427,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1430,7 +1935,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24188,7 +24178,7 @@ index 02553d6..ff1450f4 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1486,7 +1994,7 @@ ENTRY(xen_failsafe_callback) +@@ -1489,7 +1994,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24197,7 +24187,7 @@ index 02553d6..ff1450f4 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1538,18 +2046,33 @@ ENTRY(paranoid_exit) +@@ -1541,18 +2046,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24233,7 +24223,7 @@ index 02553d6..ff1450f4 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1578,7 +2101,7 @@ paranoid_schedule: +@@ -1581,7 +2101,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24242,7 +24232,7 @@ index 02553d6..ff1450f4 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1605,12 +2128,23 @@ ENTRY(error_entry) +@@ -1608,12 +2128,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24267,7 +24257,7 @@ index 02553d6..ff1450f4 100644 ret /* -@@ -1644,7 +2178,7 @@ error_bad_iret: +@@ -1647,7 +2178,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24276,7 +24266,7 @@ index 02553d6..ff1450f4 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1655,7 +2189,7 @@ ENTRY(error_exit) +@@ -1658,7 +2189,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24285,7 +24275,7 @@ index 02553d6..ff1450f4 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1664,7 +2198,7 @@ ENTRY(error_exit) +@@ -1667,7 +2198,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24294,7 +24284,7 @@ index 02553d6..ff1450f4 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1722,9 +2256,11 @@ ENTRY(nmi) +@@ -1725,9 +2256,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24307,7 +24297,7 @@ index 02553d6..ff1450f4 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1758,8 +2294,7 @@ nested_nmi: +@@ -1761,8 +2294,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24317,7 +24307,7 @@ index 02553d6..ff1450f4 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1777,6 +2312,7 @@ nested_nmi_out: +@@ -1780,6 +2312,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24325,7 +24315,7 @@ index 02553d6..ff1450f4 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1873,13 +2409,13 @@ end_repeat_nmi: +@@ -1876,13 +2409,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24341,7 +24331,7 @@ index 02553d6..ff1450f4 100644 DEFAULT_FRAME 0 /* -@@ -1889,9 +2425,9 @@ end_repeat_nmi: +@@ -1892,9 +2425,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24353,7 +24343,7 @@ index 02553d6..ff1450f4 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1900,31 +2436,36 @@ end_repeat_nmi: +@@ -1903,31 +2436,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28713,7 +28703,7 @@ index c697625..a032162 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 38d3751..497a96f 100644 +index 09651d4..cdb8f22 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2258,7 +2258,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt) @@ -36091,7 +36081,7 @@ index d6bfb87..876ee18 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index ab6ba35..7ede14e 100644 +index ab6ba35..2a5ff0d 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -36103,20 +36093,7 @@ index ab6ba35..7ede14e 100644 extern char vdso_start[], vdso_end[]; extern unsigned short vdso_sync_cpuid; -@@ -152,12 +150,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) - addr = start; - } - -- /* -- * Forcibly align the final address in case we have a hardware -- * issue that requires alignment for performance reasons. -- */ -- addr = align_vdso_addr(addr); -- - return addr; - } - -@@ -169,30 +161,37 @@ static int setup_additional_pages(struct linux_binprm *bprm, +@@ -169,13 +167,15 @@ static int setup_additional_pages(struct linux_binprm *bprm, unsigned size) { struct mm_struct *mm = current->mm; @@ -36134,16 +36111,9 @@ index ab6ba35..7ede14e 100644 +#endif + addr = vdso_addr(mm->start_stack, size); -+ -+ /* -+ * Forcibly align the final address in case we have a hardware -+ * issue that requires alignment for performance reasons. -+ */ -+ addr = align_vdso_addr(addr); -+ addr = get_unmapped_area(NULL, addr, size, 0, 0); if (IS_ERR_VALUE(addr)) { - ret = addr; +@@ -183,16 +183,14 @@ static int setup_additional_pages(struct linux_binprm *bprm, goto up_fail; } @@ -36163,7 +36133,7 @@ index ab6ba35..7ede14e 100644 up_fail: up_write(&mm->mmap_sem); -@@ -212,10 +211,3 @@ int x32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -212,10 +210,3 @@ int x32_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdsox32_size); } #endif @@ -39458,7 +39428,7 @@ index 8b4fa2c..5f81848 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 92c5937..1be4e4d 100644 +index 92c5937..2cc937b 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -39506,15 +39476,17 @@ index 92c5937..1be4e4d 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -119,6 +133,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -118,7 +132,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, + #endif while (count > 0) { - unsigned long remaining; +- unsigned long remaining; ++ unsigned long remaining = 0; + char *temp; sz = size_inside_page(p, count); -@@ -134,7 +149,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -134,7 +149,24 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -39525,12 +39497,13 @@ index 92c5937..1be4e4d 100644 + unxlate_dev_mem_ptr(p, ptr); + return -ENOMEM; + } -+ memcpy(temp, ptr, sz); ++ remaining = probe_kernel_read(temp, ptr, sz); +#else + temp = ptr; +#endif + -+ remaining = copy_to_user(buf, temp, sz); ++ if (!remaining) ++ remaining = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -39539,7 +39512,7 @@ index 92c5937..1be4e4d 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -363,9 +394,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -363,9 +395,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -39550,7 +39523,7 @@ index 92c5937..1be4e4d 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -387,6 +417,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -387,6 +418,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -39559,7 +39532,7 @@ index 92c5937..1be4e4d 100644 sz = size_inside_page(p, low_count); /* -@@ -396,7 +428,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -396,7 +429,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -39568,12 +39541,13 @@ index 92c5937..1be4e4d 100644 + temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY); + if (!temp) + return -ENOMEM; -+ memcpy(temp, kbuf, sz); ++ err = probe_kernel_read(temp, kbuf, sz); +#else + temp = kbuf; +#endif + -+ err = copy_to_user(buf, temp, sz); ++ if (!err) ++ err = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -39583,7 +39557,7 @@ index 92c5937..1be4e4d 100644 return -EFAULT; buf += sz; p += sz; -@@ -821,6 +868,9 @@ static const struct memdev { +@@ -821,6 +870,9 @@ static const struct memdev { #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, NULL }, #endif @@ -39593,7 +39567,7 @@ index 92c5937..1be4e4d 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -892,7 +942,7 @@ static int __init chr_dev_init(void) +@@ -892,7 +944,7 @@ static int __init chr_dev_init(void) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -43398,6 +43372,25 @@ index 9f5ad7c..588cd84 100644 wake_up_process(pool->thread); } } +diff --git a/drivers/infiniband/core/umem.c b/drivers/infiniband/core/umem.c +index a841123..055ebeb 100644 +--- a/drivers/infiniband/core/umem.c ++++ b/drivers/infiniband/core/umem.c +@@ -94,6 +94,14 @@ struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, + if (dmasync) + dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs); + ++ /* ++ * If the combination of the addr and size requested for this memory ++ * region causes an integer overflow, return error. ++ */ ++ if ((PAGE_ALIGN(addr + size) <= size) || ++ (PAGE_ALIGN(addr + size) <= addr)) ++ return ERR_PTR(-EINVAL); ++ + if (!can_do_mlock()) + return ERR_PTR(-EPERM); + diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c index 41b1195..27971a0 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c @@ -44085,7 +44078,7 @@ index eb62461..2b7fc71 100644 /* Blow away the connection if it exists. */ diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index 1946101..09766d2 100644 +index 675d3c7..65d72bc 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -52,6 +52,7 @@ @@ -44749,7 +44742,7 @@ index e2d4e58..40cd045 100644 /* error message helper function */ diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c -index 53d487f..cae33fe 100644 +index 53d487f..b4987ea 100644 --- a/drivers/isdn/icn/icn.c +++ b/drivers/isdn/icn/icn.c @@ -1045,7 +1045,7 @@ icn_writecmd(const u_char *buf, int len, int user, icn_card *card) @@ -44793,6 +44786,15 @@ index 53d487f..cae33fe 100644 i = icn_writecmd(cbuf, strlen(cbuf), 0, card); } break; +@@ -1610,7 +1609,7 @@ icn_setup(char *line) + if (ints[0] > 1) + membase = (unsigned long)ints[2]; + if (str && *str) { +- strcpy(sid, str); ++ strlcpy(sid, str, sizeof(sid)); + icn_id = sid; + if ((p = strchr(sid, ','))) { + *p++ = 0; diff --git a/drivers/isdn/mISDN/dsp_cmx.c b/drivers/isdn/mISDN/dsp_cmx.c index a4f05c5..1433bc5 100644 --- a/drivers/isdn/mISDN/dsp_cmx.c @@ -45023,7 +45025,7 @@ index 5152142..623d141 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index 7dfdb5c..4caada6 100644 +index 089d627..ef7352e 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -45080,7 +45082,7 @@ index 7dfdb5c..4caada6 100644 m = NULL; if (likely(m)) -@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -936,7 +936,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -45089,7 +45091,7 @@ index 7dfdb5c..4caada6 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1342,7 +1342,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -45209,7 +45211,7 @@ index e9d33ad..dae9880d 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 65ee3a0..1852af9 100644 +index 1582c3da..2a5ea0b 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -187,9 +187,9 @@ struct mapped_device { @@ -45244,7 +45246,7 @@ index 65ee3a0..1852af9 100644 wake_up(&md->eventq); } -@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2740,18 +2740,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -45918,6 +45920,19 @@ index 2fd9009..278cc1e 100644 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); if (!radio) +diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c +index 4b2e9e8..c2900d9 100644 +--- a/drivers/media/radio/wl128x/fmdrv_common.c ++++ b/drivers/media/radio/wl128x/fmdrv_common.c +@@ -71,7 +71,7 @@ module_param(default_rds_buf, uint, 0444); + MODULE_PARM_DESC(rds_buf, "RDS buffer entries"); + + /* Radio Nr */ +-static u32 radio_nr = -1; ++static int radio_nr = -1; + module_param(radio_nr, int, 0444); + MODULE_PARM_DESC(radio_nr, "Radio Nr"); + diff --git a/drivers/media/usb/dvb-usb/cinergyT2-core.c b/drivers/media/usb/dvb-usb/cinergyT2-core.c index 9fd1527..8927230 100644 --- a/drivers/media/usb/dvb-usb/cinergyT2-core.c @@ -48385,7 +48400,7 @@ index fbf7dcd..ad71499 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 07c942b..747b848 100644 +index e8c21f9..747b848 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c @@ -422,7 +422,7 @@ static void macvtap_setup(struct net_device *dev) @@ -48397,33 +48412,7 @@ index 07c942b..747b848 100644 .kind = "macvtap", .setup = macvtap_setup, .newlink = macvtap_newlink, -@@ -637,12 +637,15 @@ static void macvtap_skb_to_vnet_hdr(const struct sk_buff *skb, - } /* else everything is zero */ - } - -+/* Neighbour code has some assumptions on HH_DATA_MOD alignment */ -+#define MACVTAP_RESERVE HH_DATA_OFF(ETH_HLEN) -+ - /* Get packet from user space buffer */ - static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, - const struct iovec *iv, unsigned long total_len, - size_t count, int noblock) - { -- int good_linear = SKB_MAX_HEAD(NET_IP_ALIGN); -+ int good_linear = SKB_MAX_HEAD(MACVTAP_RESERVE); - struct sk_buff *skb; - struct macvlan_dev *vlan; - unsigned long len = total_len; -@@ -701,7 +704,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m, - linear = vnet_hdr.hdr_len; - } - -- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen, -+ skb = macvtap_alloc_skb(&q->sk, MACVTAP_RESERVE, copylen, - linear, noblock, &err); - if (!skb) - goto err; -@@ -1023,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1026,7 +1026,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -48432,7 +48421,7 @@ index 07c942b..747b848 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1193,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1196,7 +1196,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -48454,6 +48443,37 @@ index d2bb12b..d6c921e 100644 .kind = "nlmon", .priv_size = sizeof(struct nlmon), .setup = nlmon_setup, +diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c +index 25f7419..62ed80a7 100644 +--- a/drivers/net/phy/phy_device.c ++++ b/drivers/net/phy/phy_device.c +@@ -216,7 +216,7 @@ EXPORT_SYMBOL(phy_device_create); + * zero on success. + * + */ +-static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id, ++static int get_phy_c45_ids(struct mii_bus *bus, int addr, int *phy_id, + struct phy_c45_device_ids *c45_ids) { + int phy_reg; + int i, reg_addr; +@@ -286,7 +286,7 @@ static int get_phy_c45_ids(struct mii_bus *bus, int addr, u32 *phy_id, + * its return value is in turn returned. + * + */ +-static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id, ++static int get_phy_id(struct mii_bus *bus, int addr, int *phy_id, + bool is_c45, struct phy_c45_device_ids *c45_ids) + { + int phy_reg; +@@ -324,7 +324,7 @@ static int get_phy_id(struct mii_bus *bus, int addr, u32 *phy_id, + struct phy_device *get_phy_device(struct mii_bus *bus, int addr, bool is_c45) + { + struct phy_c45_device_ids c45_ids = {0}; +- u32 phy_id = 0; ++ int phy_id = 0; + int r; + + r = get_phy_id(bus, addr, &phy_id, is_c45, &c45_ids); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 5a1897d..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -48490,10 +48510,10 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 32efe83..cef96b8 100644 +index c28e2da..f58845e 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2098,7 +2098,7 @@ static unsigned int team_get_num_rx_queues(void) +@@ -2096,7 +2096,7 @@ static unsigned int team_get_num_rx_queues(void) return TEAM_DEFAULT_NUM_RX_QUEUES; } @@ -48502,7 +48522,7 @@ index 32efe83..cef96b8 100644 .kind = DRV_NAME, .priv_size = sizeof(struct team), .setup = team_setup, -@@ -2886,7 +2886,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2884,7 +2884,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -51932,7 +51952,7 @@ index e8abb73..faa6fbe 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index df5e961..df6b97f 100644 +index eb81c98..e6716ae 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -52505,6 +52525,122 @@ index dc23395..cf7e9b1 100644 struct io_req { struct list_head list; +diff --git a/drivers/staging/rts5139/rts51x_transport.c b/drivers/staging/rts5139/rts51x_transport.c +index c172f4a..ad5aeb6 100644 +--- a/drivers/staging/rts5139/rts51x_transport.c ++++ b/drivers/staging/rts5139/rts51x_transport.c +@@ -339,11 +339,18 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe, + void *data, u16 size, int timeout) + { + struct rts51x_usb *rts51x = chip->usb; ++ void *buf = kmalloc(size, GFP_KERNEL); + int result; ++ int ret; ++ ++ if (buf == NULL) ++ TRACE_RET(chip, STATUS_ERROR); + + RTS51X_DEBUGP("%s: rq=%02x rqtype=%02x value=%04x index=%02x len=%u\n", + __func__, request, requesttype, value, index, size); + ++ memcpy(buf, data, size); ++ + /* fill in the devrequest structure */ + rts51x->cr->bRequestType = requesttype; + rts51x->cr->bRequest = request; +@@ -353,12 +360,17 @@ int rts51x_ctrl_transfer(struct rts51x_chip *chip, unsigned int pipe, + + /* fill and submit the URB */ + usb_fill_control_urb(rts51x->current_urb, rts51x->pusb_dev, pipe, +- (unsigned char *)rts51x->cr, data, size, ++ (unsigned char *)rts51x->cr, buf, size, + urb_done_completion, NULL); + result = rts51x_msg_common(chip, rts51x->current_urb, timeout); + +- return interpret_urb_result(chip, pipe, size, result, ++ ret = interpret_urb_result(chip, pipe, size, result, + rts51x->current_urb->actual_length); ++ memcpy(data, buf, size); ++ ++ kfree(buf); ++ ++ return ret; + } + + static int rts51x_clear_halt(struct rts51x_chip *chip, unsigned int pipe) +@@ -535,17 +547,30 @@ static int rts51x_bulk_transfer_buf(struct rts51x_chip *chip, + unsigned int *act_len, int timeout) + { + int result; ++ int ret; ++ void *newbuf = kmalloc(length, GFP_KERNEL); ++ ++ if (newbuf == NULL) ++ TRACE_RET(chip, STATUS_ERROR); ++ ++ memcpy(newbuf, buf, length); + + /* fill and submit the URB */ + usb_fill_bulk_urb(chip->usb->current_urb, chip->usb->pusb_dev, pipe, +- buf, length, urb_done_completion, NULL); ++ newbuf, length, urb_done_completion, NULL); + result = rts51x_msg_common(chip, chip->usb->current_urb, timeout); + + /* store the actual length of the data transferred */ + if (act_len) + *act_len = chip->usb->current_urb->actual_length; +- return interpret_urb_result(chip, pipe, length, result, ++ ret = interpret_urb_result(chip, pipe, length, result, + chip->usb->current_urb->actual_length); ++ ++ memcpy(buf, newbuf, length); ++ ++ kfree(newbuf); ++ ++ return ret; + } + + int rts51x_transfer_data(struct rts51x_chip *chip, unsigned int pipe, +@@ -624,11 +649,19 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status) + unsigned int pipe = RCV_INTR_PIPE(chip); + struct usb_host_endpoint *ep; + struct completion urb_done; ++ u16 *buf_status; + int result; ++ int ret; + + if (!status) + TRACE_RET(chip, STATUS_ERROR); + ++ buf_status = kmalloc(sizeof(*status), GFP_KERNEL); ++ if (buf_status == NULL) ++ TRACE_RET(chip, STATUS_ERROR); ++ ++ *buf_status = *status; ++ + /* set up data structures for the wakeup system */ + init_completion(&urb_done); + +@@ -638,12 +671,17 @@ int rts51x_get_epc_status(struct rts51x_chip *chip, u16 *status) + /* Set interval to 10 here to match the endpoint descriptor, + * the polling interval is controlled by the polling thread */ + usb_fill_int_urb(chip->usb->intr_urb, chip->usb->pusb_dev, pipe, +- status, 2, urb_done_completion, &urb_done, 10); ++ buf_status, 2, urb_done_completion, &urb_done, 10); + + result = rts51x_msg_common(chip, chip->usb->intr_urb, 100); + +- return interpret_urb_result(chip, pipe, 2, result, ++ ret = interpret_urb_result(chip, pipe, 2, result, + chip->usb->intr_urb->actual_length); ++ *status = *buf_status; ++ ++ kfree(buf_status); ++ ++ return ret; + } + + u8 media_not_present[] = { diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c index 1f5088b..0e59820 100644 --- a/drivers/staging/sbe-2t3e3/netdev.c @@ -53886,7 +54022,7 @@ index ce396ec..04a37be 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 25d0741..36e7237 100644 +index 39988fa..f36ed8a 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -3480,7 +3480,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); @@ -54284,7 +54420,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 9ca7716..a2ccc2e 100644 +index 45b7b96..e016243 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -58372,34 +58508,19 @@ index 6530ced..4a827e2 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c -index 3182c0e..23b078e 100644 +index e3399dc..23b078e 100644 --- a/fs/autofs4/dev-ioctl.c +++ b/fs/autofs4/dev-ioctl.c -@@ -95,7 +95,7 @@ static int check_dev_ioctl_version(int cmd, struct autofs_dev_ioctl *param) - */ - static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *in) - { -- struct autofs_dev_ioctl tmp; -+ struct autofs_dev_ioctl tmp, *res; - - if (copy_from_user(&tmp, in, sizeof(tmp))) - return ERR_PTR(-EFAULT); -@@ -103,7 +103,14 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i +@@ -103,6 +103,9 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i if (tmp.size < sizeof(tmp)) return ERR_PTR(-EINVAL); -- return memdup_user(in, tmp.size); + if (tmp.size > (PATH_MAX + sizeof(tmp))) + return ERR_PTR(-ENAMETOOLONG); + -+ res = memdup_user(in, tmp.size); -+ if (!IS_ERR(res)) -+ res->size = tmp.size; -+ -+ return res; - } - - static inline void free_dev_ioctl(struct autofs_dev_ioctl *param) + res = memdup_user(in, tmp.size); + if (!IS_ERR(res)) + res->size = tmp.size; diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c index 116fd38..c04182da 100644 --- a/fs/autofs4/waitq.c @@ -60945,30 +61066,10 @@ index 4366127..b8c2cf9 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 1576195..5bf8b25 100644 +index 1ff8fe5..5bf8b25 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c -@@ -245,10 +245,19 @@ static int debugfs_show_options(struct seq_file *m, struct dentry *root) - return 0; - } - -+static void debugfs_evict_inode(struct inode *inode) -+{ -+ truncate_inode_pages(&inode->i_data, 0); -+ clear_inode(inode); -+ if (S_ISLNK(inode->i_mode)) -+ kfree(inode->i_private); -+} -+ - static const struct super_operations debugfs_super_operations = { - .statfs = simple_statfs, - .remount_fs = debugfs_remount, - .show_options = debugfs_show_options, -+ .evict_inode = debugfs_evict_inode, - }; - - static int debug_fill_super(struct super_block *sb, void *data, int silent) -@@ -415,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -424,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); */ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { @@ -60980,38 +61081,6 @@ index 1576195..5bf8b25 100644 parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); -@@ -465,23 +478,14 @@ static int __debugfs_remove(struct dentry *dentry, struct dentry *parent) - int ret = 0; - - if (debugfs_positive(dentry)) { -- if (dentry->d_inode) { -- dget(dentry); -- switch (dentry->d_inode->i_mode & S_IFMT) { -- case S_IFDIR: -- ret = simple_rmdir(parent->d_inode, dentry); -- break; -- case S_IFLNK: -- kfree(dentry->d_inode->i_private); -- /* fall through */ -- default: -- simple_unlink(parent->d_inode, dentry); -- break; -- } -- if (!ret) -- d_delete(dentry); -- dput(dentry); -- } -+ dget(dentry); -+ if (S_ISDIR(dentry->d_inode->i_mode)) -+ ret = simple_rmdir(parent->d_inode, dentry); -+ else -+ simple_unlink(parent->d_inode, dentry); -+ if (!ret) -+ d_delete(dentry); -+ dput(dentry); - } - return ret; - } diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index a85ceb7..5097313b 100644 --- a/fs/ecryptfs/inode.c @@ -62175,6 +62244,48 @@ index 1268a1b..adf949f 100644 __ext4_warning(sb, function, line, "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c +index 2400ad1..0bc93ab 100644 +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -400,7 +400,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, + + ext4_debug("mark blocks [%llu/%u] used\n", block, count); + for (count2 = count; count > 0; count -= count2, block += count2) { +- ext4_fsblk_t start; ++ ext4_fsblk_t start, diff; + struct buffer_head *bh; + ext4_group_t group; + int err; +@@ -409,10 +409,6 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, + start = ext4_group_first_block_no(sb, group); + group -= flex_gd->groups[0].group; + +- count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start); +- if (count2 > count) +- count2 = count; +- + if (flex_gd->bg_flags[group] & EXT4_BG_BLOCK_UNINIT) { + BUG_ON(flex_gd->count > 1); + continue; +@@ -429,9 +425,15 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, + err = ext4_journal_get_write_access(handle, bh); + if (err) + return err; ++ ++ diff = block - start; ++ count2 = EXT4_BLOCKS_PER_GROUP(sb) - diff; ++ if (count2 > count) ++ count2 = count; ++ + ext4_debug("mark block bitmap %#04llx (+%llu/%u)\n", block, +- block - start, count2); +- ext4_set_bits(bh->b_data, block - start, count2); ++ diff, count2); ++ ext4_set_bits(bh->b_data, diff, count2); + + err = ext4_handle_dirty_metadata(handle, NULL, bh); + if (unlikely(err)) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9fb3e6c..9a82508 100644 --- a/fs/ext4/super.c @@ -66643,10 +66754,10 @@ index 985ea88..d118a0a 100644 } diff --git a/fs/proc/generic.c b/fs/proc/generic.c -index b7f268e..3bea6b7 100644 +index 2e2d9d5..0ac3d4e 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c -@@ -23,6 +23,7 @@ +@@ -22,6 +22,7 @@ #include <linux/bitops.h> #include <linux/spinlock.h> #include <linux/completion.h> @@ -66654,7 +66765,7 @@ index b7f268e..3bea6b7 100644 #include <asm/uaccess.h> #include "internal.h" -@@ -207,6 +208,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry, +@@ -195,6 +196,15 @@ struct dentry *proc_lookup(struct inode *dir, struct dentry *dentry, return proc_lookup_de(PDE(dir), dir, dentry); } @@ -66670,7 +66781,7 @@ index b7f268e..3bea6b7 100644 /* * This returns non-zero if at EOF, so that the /proc * root directory can use this and check if it should -@@ -264,6 +274,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx) +@@ -252,6 +262,16 @@ int proc_readdir(struct file *file, struct dir_context *ctx) return proc_readdir_de(PDE(inode), file, ctx); } @@ -66687,7 +66798,7 @@ index b7f268e..3bea6b7 100644 /* * These are the generic /proc directory operations. They * use the in-memory "struct proc_dir_entry" tree to parse -@@ -275,6 +295,12 @@ static const struct file_operations proc_dir_operations = { +@@ -263,6 +283,12 @@ static const struct file_operations proc_dir_operations = { .iterate = proc_readdir, }; @@ -66700,7 +66811,7 @@ index b7f268e..3bea6b7 100644 /* * proc directories can do almost nothing.. */ -@@ -284,6 +310,12 @@ static const struct inode_operations proc_dir_inode_operations = { +@@ -272,6 +298,12 @@ static const struct inode_operations proc_dir_inode_operations = { .setattr = proc_notify_change, }; @@ -66713,7 +66824,7 @@ index b7f268e..3bea6b7 100644 static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp) { struct proc_dir_entry *tmp; -@@ -294,8 +326,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp +@@ -282,8 +314,13 @@ static int proc_register(struct proc_dir_entry * dir, struct proc_dir_entry * dp return ret; if (S_ISDIR(dp->mode)) { @@ -66729,7 +66840,7 @@ index b7f268e..3bea6b7 100644 dir->nlink++; } else if (S_ISLNK(dp->mode)) { dp->proc_iops = &proc_link_inode_operations; -@@ -407,6 +444,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode, +@@ -395,6 +432,27 @@ struct proc_dir_entry *proc_mkdir_data(const char *name, umode_t mode, } EXPORT_SYMBOL_GPL(proc_mkdir_data); @@ -66757,7 +66868,7 @@ index b7f268e..3bea6b7 100644 struct proc_dir_entry *proc_mkdir_mode(const char *name, umode_t mode, struct proc_dir_entry *parent) { -@@ -421,6 +479,13 @@ struct proc_dir_entry *proc_mkdir(const char *name, +@@ -409,6 +467,13 @@ struct proc_dir_entry *proc_mkdir(const char *name, } EXPORT_SYMBOL(proc_mkdir); @@ -66772,13 +66883,13 @@ index b7f268e..3bea6b7 100644 struct proc_dir_entry *parent, const struct file_operations *proc_fops, diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 124fc43..8afbb02 100644 +index 2f2815f..07fa320 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c -@@ -23,11 +23,17 @@ - #include <linux/slab.h> +@@ -24,11 +24,17 @@ #include <linux/mount.h> #include <linux/magic.h> + #include <linux/namei.h> +#include <linux/grsecurity.h> #include <asm/uaccess.h> @@ -66793,7 +66904,7 @@ index 124fc43..8afbb02 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -55,6 +61,13 @@ static void proc_evict_inode(struct inode *inode) +@@ -56,6 +62,13 @@ static void proc_evict_inode(struct inode *inode) ns = PROC_I(inode)->ns.ns; if (ns_ops && ns) ns_ops->put(ns); @@ -66807,7 +66918,7 @@ index 124fc43..8afbb02 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -413,7 +426,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -434,7 +447,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -66820,7 +66931,7 @@ index 124fc43..8afbb02 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 651d09a..6a4b495 100644 +index 8b8ca1d..d15474f 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -46,9 +46,10 @@ struct proc_dir_entry { @@ -85289,6 +85400,19 @@ index 5f2e559..7d59314 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot +diff --git a/include/linux/percpu.h b/include/linux/percpu.h +index e3817d2..74af65b 100644 +--- a/include/linux/percpu.h ++++ b/include/linux/percpu.h +@@ -59,7 +59,7 @@ + * preallocate for this. Keep PERCPU_DYNAMIC_RESERVE equal to or + * larger than PERCPU_DYNAMIC_EARLY_SIZE. + */ +-#define PERCPU_DYNAMIC_EARLY_SLOTS 128 ++#define PERCPU_DYNAMIC_EARLY_SLOTS 256 + #define PERCPU_DYNAMIC_EARLY_SIZE (12 << 10) + + /* diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h index e56b07f..aef789b 100644 --- a/include/linux/perf_event.h @@ -88257,7 +88381,7 @@ index 9a00147..d814573 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 1772fad..282e3e2 100644 +index 34932540..8d54ec7 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h @@ -754,7 +754,7 @@ struct se_device { @@ -88651,7 +88775,7 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 8b9521a..8a3cc34 100644 +index 8b9521a..8a3cc34d 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1079,6 +1079,7 @@ endif # CGROUPS @@ -92892,8 +93016,21 @@ index f1fe7ec..7d4e641 100644 break; if (pm_wakeup_pending()) { +diff --git a/kernel/printk/console_cmdline.h b/kernel/printk/console_cmdline.h +index cbd69d8..2ca4a8b 100644 +--- a/kernel/printk/console_cmdline.h ++++ b/kernel/printk/console_cmdline.h +@@ -3,7 +3,7 @@ + + struct console_cmdline + { +- char name[8]; /* Name of the driver */ ++ char name[16]; /* Name of the driver */ + int index; /* Minor dev. to use */ + char *options; /* Options for the driver */ + #ifdef CONFIG_A11Y_BRAILLE_CONSOLE diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 8c086e6..a52bc51 100644 +index 8c086e6..bf7e534 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -92908,6 +93045,14 @@ index 8c086e6..a52bc51 100644 if (syslog_action_restricted(type)) { if (capable(CAP_SYSLOG)) return 0; +@@ -2280,6 +2285,7 @@ void register_console(struct console *newcon) + for (i = 0, c = console_cmdline; + i < MAX_CMDLINECONSOLES && c->name[0]; + i++, c++) { ++ BUILD_BUG_ON(sizeof(c->name) != sizeof(newcon->name)); + if (strcmp(c->name, newcon->name) != 0) + continue; + if (newcon->index >= 0 && diff --git a/kernel/profile.c b/kernel/profile.c index ebdd9c1..612ee05 100644 --- a/kernel/profile.c @@ -96724,7 +96869,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 472259b..7a58e99 100644 +index c3e8660..3499fac 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -96771,7 +96916,7 @@ index 472259b..7a58e99 100644 if (ret) goto out; -@@ -2629,6 +2633,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2630,6 +2634,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -96799,7 +96944,7 @@ index 472259b..7a58e99 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2745,6 +2770,11 @@ retry_avoidcopy: +@@ -2746,6 +2771,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -96811,7 +96956,7 @@ index 472259b..7a58e99 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2909,6 +2939,10 @@ retry: +@@ -2910,6 +2940,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -96822,7 +96967,7 @@ index 472259b..7a58e99 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2939,6 +2973,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2940,6 +2974,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -96833,7 +96978,7 @@ index 472259b..7a58e99 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2952,6 +2990,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2953,6 +2991,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -97136,7 +97281,7 @@ index a98c7fc..393f8f1 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 7f30bea..67cb92b 100644 +index 102af09..4118c57 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -98021,7 +98166,7 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 085bcd8..916b1d4 100644 +index d4c97ba..916b1d4 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -37,6 +37,7 @@ @@ -98086,24 +98231,6 @@ index 085bcd8..916b1d4 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -129,7 +150,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed); - */ - int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) - { -- unsigned long free, allowed, reserve; -+ long free, allowed, reserve; - - vm_acct_memory(pages); - -@@ -193,7 +214,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) - */ - if (mm) { - reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); -- allowed -= min(mm->total_vm / 32, reserve); -+ allowed -= min_t(long, mm->total_vm / 32, reserve); - } - - if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; @@ -99632,7 +99759,7 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 3ee4f74..d79b8e2 100644 +index 76b3f90..d79b8e2 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -99667,24 +99794,6 @@ index 3ee4f74..d79b8e2 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range); - */ - int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) - { -- unsigned long free, allowed, reserve; -+ long free, allowed, reserve; - - vm_acct_memory(pages); - -@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) - */ - if (mm) { - reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); -- allowed -= min(mm->total_vm / 32, reserve); -+ allowed -= min_t(long, mm->total_vm / 32, reserve); - } - - if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -99730,7 +99839,7 @@ index 9f45f87..749bfd8 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index ea41913..d1a474f 100644 +index 0479732..4c6aee3 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -99826,7 +99935,7 @@ index ea41913..d1a474f 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -1948,7 +1988,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) +@@ -1946,7 +1986,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) do { mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -99835,7 +99944,7 @@ index ea41913..d1a474f 100644 zone_clear_flag(zone, ZONE_FAIR_DEPLETED); } while (zone++ != preferred_zone); } -@@ -5711,7 +5751,7 @@ static void __setup_per_zone_wmarks(void) +@@ -5709,7 +5749,7 @@ static void __setup_per_zone_wmarks(void) __mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - @@ -99844,7 +99953,7 @@ index ea41913..d1a474f 100644 setup_zone_migrate_reserve(zone); spin_unlock_irqrestore(&zone->lock, flags); -@@ -6652,4 +6692,4 @@ void dump_page(struct page *page, char *reason) +@@ -6650,4 +6690,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -102492,7 +102601,7 @@ index 2e87eec..6301eb0 100644 switch (ss->ss_family) { diff --git a/net/compat.c b/net/compat.c -index cbc1a2a..ab7644e 100644 +index 275af79..859a46f 100644 --- a/net/compat.c +++ b/net/compat.c @@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -102622,7 +102731,7 @@ index cbc1a2a..ab7644e 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -804,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) +@@ -795,7 +795,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; @@ -102645,7 +102754,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 4ed77d7..e1ef1c9 100644 +index f6d8d7f..846845c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -103048,7 +103157,7 @@ index 723fa7d..81bd037 100644 iph->ttl = 64; iph->protocol = IPPROTO_UDP; diff --git a/net/core/pktgen.c b/net/core/pktgen.c -index fdac61c..e5e5b46 100644 +index ca68d32..236499d 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c @@ -3719,7 +3719,7 @@ static int __net_init pg_net_init(struct net *net) @@ -103061,7 +103170,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index a6613ff..810aa44 100644 +index 8aadd6a..adf3f59 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -103099,7 +103208,7 @@ index a6613ff..810aa44 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); -@@ -2010,6 +2013,10 @@ replay: +@@ -2006,6 +2009,10 @@ replay: if (IS_ERR(dest_net)) return PTR_ERR(dest_net); @@ -103110,7 +103219,7 @@ index a6613ff..810aa44 100644 dev = rtnl_create_link(dest_net, ifname, ops, tb); if (IS_ERR(dev)) { err = PTR_ERR(dev); -@@ -2689,6 +2696,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2693,6 +2700,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -103120,7 +103229,7 @@ index a6613ff..810aa44 100644 have_flags = true; flags = nla_get_u16(attr); break; -@@ -2759,6 +2769,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -2763,6 +2773,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) if (br_spec) { nla_for_each_nested(attr, br_spec, rem) { if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { @@ -103425,10 +103534,19 @@ index c38e7a2..773e3d7 100644 } EXPORT_SYMBOL_GPL(sock_diag_unregister); diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c -index cf9cd13..8b56af3 100644 +index cf9cd13..26d07e0 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c -@@ -32,7 +32,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write, +@@ -25,6 +25,8 @@ + static int zero = 0; + static int one = 1; + static int ushort_max = USHRT_MAX; ++static int min_sndbuf = SOCK_MIN_SNDBUF; ++static int min_rcvbuf = SOCK_MIN_RCVBUF; + + #ifdef CONFIG_RPS + static int rps_sock_flow_sysctl(struct ctl_table *table, int write, +@@ -32,7 +34,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write, { unsigned int orig_size, size; int ret, i; @@ -103437,7 +103555,7 @@ index cf9cd13..8b56af3 100644 .data = &size, .maxlen = sizeof(size), .mode = table->mode -@@ -200,7 +200,7 @@ static int set_default_qdisc(struct ctl_table *table, int write, +@@ -200,7 +202,7 @@ static int set_default_qdisc(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { char id[IFNAMSIZ]; @@ -103446,7 +103564,43 @@ index cf9cd13..8b56af3 100644 .data = id, .maxlen = IFNAMSIZ, }; -@@ -379,13 +379,12 @@ static struct ctl_table netns_core_table[] = { +@@ -223,7 +225,7 @@ static struct ctl_table net_core_table[] = { + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, +- .extra1 = &one, ++ .extra1 = &min_sndbuf, + }, + { + .procname = "rmem_max", +@@ -231,7 +233,7 @@ static struct ctl_table net_core_table[] = { + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, +- .extra1 = &one, ++ .extra1 = &min_rcvbuf, + }, + { + .procname = "wmem_default", +@@ -239,7 +241,7 @@ static struct ctl_table net_core_table[] = { + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, +- .extra1 = &one, ++ .extra1 = &min_sndbuf, + }, + { + .procname = "rmem_default", +@@ -247,7 +249,7 @@ static struct ctl_table net_core_table[] = { + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec_minmax, +- .extra1 = &one, ++ .extra1 = &min_rcvbuf, + }, + { + .procname = "dev_weight", +@@ -379,13 +381,12 @@ static struct ctl_table netns_core_table[] = { static __net_init int sysctl_core_net_init(struct net *net) { @@ -103462,7 +103616,7 @@ index cf9cd13..8b56af3 100644 if (tbl == NULL) goto err_dup; -@@ -395,17 +394,16 @@ static __net_init int sysctl_core_net_init(struct net *net) +@@ -395,17 +396,16 @@ static __net_init int sysctl_core_net_init(struct net *net) if (net->user_ns != &init_user_ns) { tbl[0].procname = NULL; } @@ -103484,7 +103638,7 @@ index cf9cd13..8b56af3 100644 err_dup: return -ENOMEM; } -@@ -420,7 +418,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) +@@ -420,7 +420,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) kfree(tbl); } @@ -103777,6 +103931,42 @@ index 0d1e2cb..4501a2c 100644 EXPORT_SYMBOL(sysctl_local_reserved_ports); void inet_get_local_port_range(struct net *net, int *low, int *high) +diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c +index e34dccb..4eeba4e 100644 +--- a/net/ipv4/inet_diag.c ++++ b/net/ipv4/inet_diag.c +@@ -71,6 +71,20 @@ static inline void inet_diag_unlock_handler( + mutex_unlock(&inet_diag_table_mutex); + } + ++static size_t inet_sk_attr_size(void) ++{ ++ return nla_total_size(sizeof(struct tcp_info)) ++ + nla_total_size(1) /* INET_DIAG_SHUTDOWN */ ++ + nla_total_size(1) /* INET_DIAG_TOS */ ++ + nla_total_size(1) /* INET_DIAG_TCLASS */ ++ + nla_total_size(sizeof(struct inet_diag_meminfo)) ++ + nla_total_size(sizeof(struct inet_diag_msg)) ++ + nla_total_size(SK_MEMINFO_VARS * sizeof(u32)) ++ + nla_total_size(TCP_CA_NAME_MAX) ++ + nla_total_size(sizeof(struct tcpvegas_info)) ++ + 64; ++} ++ + int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, + struct sk_buff *skb, struct inet_diag_req_v2 *req, + struct user_namespace *user_ns, +@@ -324,9 +338,7 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_s + if (err) + goto out; + +- rep = nlmsg_new(sizeof(struct inet_diag_msg) + +- sizeof(struct inet_diag_meminfo) + +- sizeof(struct tcp_info) + 64, GFP_KERNEL); ++ rep = nlmsg_new(inet_sk_attr_size(), GFP_KERNEL); + if (!rep) { + err = -ENOMEM; + goto out; diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 8b9cf27..9c17cab 100644 --- a/net/ipv4/inet_hashtables.c @@ -103821,7 +104011,7 @@ index bf2cb4a..d83ba8a 100644 p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index c10a3ce..dd71f84 100644 +index 9ff497d..877a388 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -283,7 +283,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -103833,7 +104023,7 @@ index c10a3ce..dd71f84 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; -@@ -760,12 +760,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { +@@ -763,12 +763,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { static int __net_init ip4_frags_ns_ctl_register(struct net *net) { @@ -103848,7 +104038,7 @@ index c10a3ce..dd71f84 100644 if (table == NULL) goto err_alloc; -@@ -776,9 +775,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -779,9 +778,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -103861,7 +104051,7 @@ index c10a3ce..dd71f84 100644 if (hdr == NULL) goto err_reg; -@@ -786,8 +786,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -789,8 +789,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) return 0; err_reg: @@ -104137,7 +104327,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 04ce671..f13b8c2 100644 +index b94002a..f13b8c2 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -104149,38 +104339,20 @@ index 04ce671..f13b8c2 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -259,6 +259,9 @@ int ping_init_sock(struct sock *sk) +@@ -259,10 +259,9 @@ int ping_init_sock(struct sock *sk) kgid_t low, high; int ret = 0; -+ if (sk->sk_family == AF_INET6) +-#if IS_ENABLED(CONFIG_IPV6) + if (sk->sk_family == AF_INET6) +- inet6_sk(sk)->ipv6only = 1; +-#endif + sk->sk_ipv6only = 1; + inet_get_ping_group_range_net(net, &low, &high); if (gid_lte(low, group) && gid_lte(group, high)) return 0; -@@ -305,6 +308,11 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, - if (addr_len < sizeof(*addr)) - return -EINVAL; - -+ if (addr->sin_family != AF_INET && -+ !(addr->sin_family == AF_UNSPEC && -+ addr->sin_addr.s_addr == htonl(INADDR_ANY))) -+ return -EAFNOSUPPORT; -+ - pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n", - sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port)); - -@@ -330,7 +338,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, - return -EINVAL; - - if (addr->sin6_family != AF_INET6) -- return -EINVAL; -+ return -EAFNOSUPPORT; - - pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n", - sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port)); -@@ -350,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -359,7 +358,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -104189,7 +104361,7 @@ index 04ce671..f13b8c2 100644 scoped); rcu_read_unlock(); -@@ -558,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -567,7 +566,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -104198,7 +104370,7 @@ index 04ce671..f13b8c2 100644 #endif } -@@ -576,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -585,7 +584,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -104207,16 +104379,7 @@ index 04ce671..f13b8c2 100644 info, (u8 *)icmph); #endif } -@@ -716,7 +724,7 @@ static int ping_v4_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m - if (msg->msg_namelen < sizeof(*usin)) - return -EINVAL; - if (usin->sin_family != AF_INET) -- return -EINVAL; -+ return -EAFNOSUPPORT; - daddr = usin->sin_addr.s_addr; - /* no remote port */ - } else { -@@ -860,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -869,7 +868,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, return ip_recv_error(sk, msg, len, addr_len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -104225,7 +104388,7 @@ index 04ce671..f13b8c2 100644 addr_len); #endif } -@@ -918,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -927,10 +926,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -104238,7 +104401,7 @@ index 04ce671..f13b8c2 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1116,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1125,7 +1124,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -105345,23 +105508,10 @@ index 767ab8d..c5ec70a 100644 return -ENOMEM; } diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c -index bda7429..5b5bbe3 100644 +index 4611995..5b5bbe3 100644 --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c -@@ -103,9 +103,10 @@ int ping_v6_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, - - if (msg->msg_name) { - DECLARE_SOCKADDR(struct sockaddr_in6 *, u, msg->msg_name); -- if (msg->msg_namelen < sizeof(struct sockaddr_in6) || -- u->sin6_family != AF_INET6) { -+ if (msg->msg_namelen < sizeof(*u)) - return -EINVAL; -+ if (u->sin6_family != AF_INET6) { -+ return -EAFNOSUPPORT; - } - if (sk->sk_bound_dev_if && - sk->sk_bound_dev_if != u->sin6_scope_id) { -@@ -246,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = { +@@ -247,6 +247,24 @@ static struct pernet_operations ping_v6_net_ops = { }; #endif @@ -105386,7 +105536,7 @@ index bda7429..5b5bbe3 100644 int __init pingv6_init(void) { #ifdef CONFIG_PROC_FS -@@ -253,13 +272,7 @@ int __init pingv6_init(void) +@@ -254,13 +272,7 @@ int __init pingv6_init(void) if (ret) return ret; #endif @@ -105401,7 +105551,7 @@ index bda7429..5b5bbe3 100644 return inet6_register_protosw(&pingv6_protosw); } -@@ -268,14 +281,9 @@ int __init pingv6_init(void) +@@ -269,14 +281,9 @@ int __init pingv6_init(void) */ void pingv6_exit(void) { @@ -105548,7 +105698,7 @@ index cc85a9b..526a133 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 6f1b850..50e95c7 100644 +index 3809ca2..fdda6b4 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -2970,7 +2970,7 @@ struct ctl_table ipv6_route_table_template[] = { @@ -105865,7 +106015,7 @@ index e15c16a..7cf07aa 100644 if (!ipx_proc_dir) goto out; diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index 2ba8b97..6d33010 100644 +index fdcb968..2b6cc59 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c @@ -317,11 +317,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, @@ -105921,7 +106071,7 @@ index 2ba8b97..6d33010 100644 /* Not really used by us, but lets do it anyway */ self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; -@@ -987,7 +987,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) +@@ -989,7 +989,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) tty_kref_put(port->tty); } port->tty = NULL; @@ -105930,7 +106080,7 @@ index 2ba8b97..6d33010 100644 spin_unlock_irqrestore(&port->lock, flags); wake_up_interruptible(&port->open_wait); -@@ -1344,7 +1344,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) +@@ -1346,7 +1346,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) seq_putc(m, '\n'); seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); @@ -106249,18 +106399,6 @@ index 6ff1346..936ca9a 100644 return -EFAULT; return p; -diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c -index e5a7ac2..dca076f 100644 ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -562,6 +562,7 @@ ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx) - if (tx->sdata->control_port_no_encrypt) - info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; - info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO; -+ info->flags |= IEEE80211_TX_CTL_USE_MINRATE; - } - - return TX_CONTINUE; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index 6427625..afa5a5a 100644 --- a/net/mac80211/util.c @@ -107126,6 +107264,94 @@ index a91e1db..cf3053f 100644 #else ic->i_ack_next = 0; #endif +diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c +index a817705..dba8d08 100644 +--- a/net/rds/iw_rdma.c ++++ b/net/rds/iw_rdma.c +@@ -88,7 +88,9 @@ static unsigned int rds_iw_unmap_fastreg_list(struct rds_iw_mr_pool *pool, + int *unpinned); + static void rds_iw_destroy_fastreg(struct rds_iw_mr_pool *pool, struct rds_iw_mr *ibmr); + +-static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwdev, struct rdma_cm_id **cm_id) ++static int rds_iw_get_device(struct sockaddr_in *src, struct sockaddr_in *dst, ++ struct rds_iw_device **rds_iwdev, ++ struct rdma_cm_id **cm_id) + { + struct rds_iw_device *iwdev; + struct rds_iw_cm_id *i_cm_id; +@@ -112,15 +114,15 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd + src_addr->sin_port, + dst_addr->sin_addr.s_addr, + dst_addr->sin_port, +- rs->rs_bound_addr, +- rs->rs_bound_port, +- rs->rs_conn_addr, +- rs->rs_conn_port); ++ src->sin_addr.s_addr, ++ src->sin_port, ++ dst->sin_addr.s_addr, ++ dst->sin_port); + #ifdef WORKING_TUPLE_DETECTION +- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr && +- src_addr->sin_port == rs->rs_bound_port && +- dst_addr->sin_addr.s_addr == rs->rs_conn_addr && +- dst_addr->sin_port == rs->rs_conn_port) { ++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr && ++ src_addr->sin_port == src->sin_port && ++ dst_addr->sin_addr.s_addr == dst->sin_addr.s_addr && ++ dst_addr->sin_port == dst->sin_port) { + #else + /* FIXME - needs to compare the local and remote + * ipaddr/port tuple, but the ipaddr is the only +@@ -128,7 +130,7 @@ static int rds_iw_get_device(struct rds_sock *rs, struct rds_iw_device **rds_iwd + * zero'ed. It doesn't appear to be properly populated + * during connection setup... + */ +- if (src_addr->sin_addr.s_addr == rs->rs_bound_addr) { ++ if (src_addr->sin_addr.s_addr == src->sin_addr.s_addr) { + #endif + spin_unlock_irq(&iwdev->spinlock); + *rds_iwdev = iwdev; +@@ -180,19 +182,13 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i + { + struct sockaddr_in *src_addr, *dst_addr; + struct rds_iw_device *rds_iwdev_old; +- struct rds_sock rs; + struct rdma_cm_id *pcm_id; + int rc; + + src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr; + dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr; + +- rs.rs_bound_addr = src_addr->sin_addr.s_addr; +- rs.rs_bound_port = src_addr->sin_port; +- rs.rs_conn_addr = dst_addr->sin_addr.s_addr; +- rs.rs_conn_port = dst_addr->sin_port; +- +- rc = rds_iw_get_device(&rs, &rds_iwdev_old, &pcm_id); ++ rc = rds_iw_get_device(src_addr, dst_addr, &rds_iwdev_old, &pcm_id); + if (rc) + rds_iw_remove_cm_id(rds_iwdev, cm_id); + +@@ -598,9 +594,17 @@ void *rds_iw_get_mr(struct scatterlist *sg, unsigned long nents, + struct rds_iw_device *rds_iwdev; + struct rds_iw_mr *ibmr = NULL; + struct rdma_cm_id *cm_id; ++ struct sockaddr_in src = { ++ .sin_addr.s_addr = rs->rs_bound_addr, ++ .sin_port = rs->rs_bound_port, ++ }; ++ struct sockaddr_in dst = { ++ .sin_addr.s_addr = rs->rs_conn_addr, ++ .sin_port = rs->rs_conn_port, ++ }; + int ret; + +- ret = rds_iw_get_device(rs, &rds_iwdev, &cm_id); ++ ret = rds_iw_get_device(&src, &dst, &rds_iwdev, &cm_id); + if (ret || !cm_id) { + ret = -ENODEV; + goto out; diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c index 4503335..db566b4 100644 --- a/net/rds/iw_recv.c @@ -108165,7 +108391,7 @@ index 0f73f45..a96aa52 100644 /* make a copy for the caller */ *handle = ctxh; diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c -index ae333c1..18521f0 100644 +index 0adc66c..1dca80d 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -1609,7 +1609,7 @@ static int create_cache_proc_entries(struct cache_detail *cd, struct net *net) @@ -108489,7 +108715,7 @@ index 6424372..afd36e9 100644 sub->evt.event = htohl(event, sub->swap); sub->evt.found_lower = htohl(found_lower, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 94404f1..5782191 100644 +index 94404f1..5c1346e 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -791,6 +791,12 @@ static struct sock *unix_find_other(struct net *net, @@ -108538,7 +108764,24 @@ index 94404f1..5782191 100644 done_path_create(&path, dentry); return err; } -@@ -2344,9 +2363,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2243,11 +2262,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock, + writable = unix_writable(sk); + other = unix_peer_get(sk); + if (other) { +- if (unix_peer(other) != sk) { ++ unix_state_lock(other); ++ if (!sock_flag(other, SOCK_DEAD) && unix_peer(other) != sk) { ++ unix_state_unlock(other); + sock_poll_wait(file, &unix_sk(other)->peer_wait, wait); + if (unix_recvq_full(other)) + writable = 0; +- } ++ } else ++ unix_state_unlock(other); + sock_put(other); + } + +@@ -2344,9 +2366,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -108553,7 +108796,7 @@ index 94404f1..5782191 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2373,8 +2396,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2373,8 +2399,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -111335,10 +111578,10 @@ index c4ac3c1..5266261 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 566b0f6..636730b 100644 +index ee24057..3114985 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2811,11 +2811,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2813,11 +2813,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -112352,10 +112595,10 @@ index 0000000..54461af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..82bc5a8 +index 0000000..3b5af59 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,557 @@ +@@ -0,0 +1,558 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu> @@ -112789,7 +113032,8 @@ index 0000000..82bc5a8 +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif -+#if BUILDING_GCC_VERSION >= 4009 ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION >= 4009 + .has_gate = false, + .has_execute = true, +#else @@ -112897,8 +113141,8 @@ index 0000000..82bc5a8 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + -+ if (strcmp(lang_hooks.name, "GNU C")) { -+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); ++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { ++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + constify = false; + } + @@ -112915,10 +113159,10 @@ index 0000000..82bc5a8 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..e90c205 +index 0000000..cd95c07 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,295 @@ +@@ -0,0 +1,375 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -112955,7 +113199,13 @@ index 0000000..e90c205 +#include "timevar.h" + +#include "params.h" ++ ++#if BUILDING_GCC_VERSION <= 4009 +#include "pointer-set.h" ++#else ++#include "hash-map.h" ++#endif ++ +#include "emit-rtl.h" +//#include "reload.h" +//#include "ira.h" @@ -112970,11 +113220,21 @@ index 0000000..e90c205 +//#include "coverage.h" +//#include "value-prof.h" + ++#if BUILDING_GCC_VERSION == 4005 ++#include <sys/mman.h> ++#endif ++ +#if BUILDING_GCC_VERSION >= 4007 +#include "tree-pretty-print.h" +#include "gimple-pretty-print.h" -+#include "c-tree.h" -+//#include "alloc-pool.h" ++#endif ++ ++#if BUILDING_GCC_VERSION >= 4006 ++//#include "c-tree.h" ++//#include "cp/cp-tree.h" ++#include "c-family/c-common.h" ++#else ++#include "c-common.h" +#endif + +#if BUILDING_GCC_VERSION <= 4008 @@ -112996,6 +113256,7 @@ index 0000000..e90c205 +#include "stor-layout.h" +#include "internal-fn.h" +#include "gimple-expr.h" ++#include "gimple-fold.h" +//#include "diagnostic-color.h" +#include "context.h" +#include "tree-ssa-alias.h" @@ -113018,7 +113279,11 @@ index 0000000..e90c205 +#endif + +//#include "lto/lto.h" ++#if BUILDING_GCC_VERSION >= 4007 +//#include "data-streamer.h" ++#else ++//#include "lto-streamer.h" ++#endif +//#include "lto-compress.h" + +//#include "expr.h" where are you... @@ -113028,6 +113293,15 @@ index 0000000..e90c205 +extern void debug_dominance_info(enum cdi_direction dir); +extern void debug_dominance_tree(enum cdi_direction dir, basic_block root); + ++#ifdef __cplusplus ++static inline void debug_tree(const_tree t) ++{ ++ debug_tree(CONST_CAST_TREE(t)); ++} ++#else ++#define debug_tree(t) debug_tree(CONST_CAST_TREE(t)) ++#endif ++ +#define __unused __attribute__((__unused__)) + +#define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node)) @@ -113035,12 +113309,20 @@ index 0000000..e90c205 +#define TYPE_NAME_POINTER(node) IDENTIFIER_POINTER(TYPE_NAME(node)) +#define TYPE_NAME_LENGTH(node) IDENTIFIER_LENGTH(TYPE_NAME(node)) + ++// should come from c-tree.h if only it were installed for gcc 4.5... ++#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) ++ +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) ++#define FOR_EACH_VEC_ELT_REVERSE(T,V,I,P) for (I = VEC_length(T, (V)) - 1; VEC_iterate(T, (V), (I), (P)); (I)--) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) FOR_EACH_VEC_ELT_REVERSE(tree, (FUN)->local_decls, I, D) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 + ++#ifndef O_BINARY ++#define O_BINARY 0 ++#endif ++ +static inline bool gimple_call_builtin_p(gimple stmt, enum built_in_function code) +{ + tree fndecl; @@ -113090,17 +113372,32 @@ index 0000000..e90c205 +#if BUILDING_GCC_VERSION <= 4006 +#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN) +#define C_DECL_REGISTER(EXP) DECL_LANG_FLAG_4(EXP) -+ -+// should come from c-tree.h if only it were installed for gcc 4.5... -+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) ++#define EDGE_PRESERVE 0ULL ++#define HOST_WIDE_INT_PRINT_HEX_PURE "%" HOST_WIDE_INT_PRINT "x" ++#define flag_fat_lto_objects true + +#define get_random_seed(noinit) ({ \ + unsigned HOST_WIDE_INT seed; \ + sscanf(get_random_seed(noinit), "%" HOST_WIDE_INT_PRINT "x", &seed); \ + seed * seed; }) + -+static inline bool gimple_clobber_p(gimple s) ++#define int_const_binop(code, arg1, arg2) int_const_binop((code), (arg1), (arg2), 0) ++ ++static inline bool gimple_clobber_p(gimple s __unused) ++{ ++ return false; ++} ++ ++static inline bool gimple_asm_clobbers_memory_p(const_gimple stmt) +{ ++ unsigned i; ++ ++ for (i = 0; i < gimple_asm_nclobbers(stmt); i++) { ++ tree op = gimple_asm_clobber_op(stmt, i); ++ if (!strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "memory")) ++ return true; ++ } ++ + return false; +} + @@ -113109,6 +113406,11 @@ index 0000000..e90c205 + return implicit_built_in_decls[fncode]; +} + ++static inline int ipa_reverse_postorder(struct cgraph_node **order) ++{ ++ return cgraph_postorder(order); ++} ++ +static inline struct cgraph_node *cgraph_get_create_node(tree decl) +{ + struct cgraph_node *node = cgraph_get_node(decl); @@ -113154,8 +113456,11 @@ index 0000000..e90c205 +#endif + +#if BUILDING_GCC_VERSION <= 4007 ++#define FOR_EACH_FUNCTION(node) for (node = cgraph_nodes; node; node = node->next) +#define FOR_EACH_VARIABLE(node) for (node = varpool_nodes; node; node = node->next) +#define PROP_loops 0 ++#define NODE_SYMBOL(node) (node) ++#define NODE_DECL(node) (node)->decl + +static inline int bb_loop_depth(const_basic_block bb) +{ @@ -113185,6 +113490,8 @@ index 0000000..e90c205 +#define last_basic_block_for_fn(FN) ((FN)->cfg->x_last_basic_block) +#define label_to_block_map_for_fn(FN) ((FN)->cfg->x_label_to_block_map) +#define profile_status_for_fn(FN) ((FN)->cfg->x_profile_status) ++#define BASIC_BLOCK_FOR_FN(FN, N) BASIC_BLOCK_FOR_FUNCTION((FN), (N)) ++#define NODE_IMPLICIT_ALIAS(node) (node)->same_body_alias + +static inline const char *get_tree_code_name(enum tree_code code) +{ @@ -113196,9 +113503,8 @@ index 0000000..e90c205 +#endif + +#if BUILDING_GCC_VERSION == 4008 -+#define NODE_DECL(node) node->symbol.decl -+#else -+#define NODE_DECL(node) node->decl ++#define NODE_SYMBOL(node) (&(node)->symbol) ++#define NODE_DECL(node) (node)->symbol.decl +#endif + +#if BUILDING_GCC_VERSION >= 4008 @@ -113209,8 +113515,26 @@ index 0000000..e90c205 +#define TODO_dump_cgraph 0 +#endif + ++#if BUILDING_GCC_VERSION <= 4009 ++#define TODO_verify_il 0 ++#endif ++ +#if BUILDING_GCC_VERSION >= 4009 +#define TODO_ggc_collect 0 ++#define NODE_SYMBOL(node) (node) ++#define NODE_DECL(node) (node)->decl ++#define cgraph_node_name(node) (node)->name() ++#define NODE_IMPLICIT_ALIAS(node) (node)->cpp_implicit_alias ++#endif ++ ++#if BUILDING_GCC_VERSION >= 5000 ++#define TODO_verify_ssa TODO_verify_il ++#define TODO_verify_flow TODO_verify_il ++#define TODO_verify_stmts TODO_verify_il ++#define TODO_verify_rtl_sharing TODO_verify_il ++ ++#define debug_cgraph_node(node) (node)->debug() ++#define cgraph_get_node(decl) cgraph_node::get(decl) +#endif + +#endif @@ -119682,10 +120006,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..3d3508d +index 0000000..f084dc7 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,6042 @@ +@@ -0,0 +1,6045 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -124178,6 +124502,7 @@ index 0000000..3d3508d +joydev_handle_JSIOCSAXMAP_48898 joydev_handle_JSIOCSAXMAP 3 48898 NULL +xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL +msg_hdr_sz_48908 msg_hdr_sz 0 48908 NULL ++rts51x_ctrl_transfer_48914 rts51x_ctrl_transfer 8 48914 NULL +sep_crypto_dma_48937 sep_crypto_dma 0 48937 NULL +si5351_write_parameters_48940 si5351_write_parameters 2 48940 NULL +event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL @@ -124320,6 +124645,7 @@ index 0000000..3d3508d +lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL +snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 NULL +tpm_read_50344 tpm_read 3 50344 NULL ++rts51x_bulk_transfer_buf_50352 rts51x_bulk_transfer_buf 4 50352 NULL +isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL +iwl_dbgfs_echo_test_write_50362 iwl_dbgfs_echo_test_write 3 50362 NULL +xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL @@ -125188,6 +125514,7 @@ index 0000000..3d3508d +journal_init_dev_59384 journal_init_dev 5 59384 NULL +__net_get_random_once_59389 __net_get_random_once 2 59389 NULL +isku_sysfs_read_keys_function_59412 isku_sysfs_read_keys_function 6 59412 NULL ++rts51x_transfer_data_59416 rts51x_transfer_data 4 59416 NULL +pci_ctrl_read_59424 pci_ctrl_read 0 59424 NULL +vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL +SyS_sched_setaffinity_59442 SyS_sched_setaffinity 2 59442 NULL |